PixRem – Unused Image Cleaner Security & Risk Analysis

wordpress.org/plugins/pixrem

Find and delete unused images in your Media Library. Backup, restore, whitelist, and scan support for all major page builders.

20 active installs · v1.0.3 · PHP 7.2+ · WP 5.4+ · Updated Sep 22, 2025
Tags: image-optimizer, media-cleaner, media-library, remove-images, unused-images
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PixRem – Unused Image Cleaner Safe to Use in 2026?

Generally Safe

Score 100/100

PixRem – Unused Image Cleaner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6mo ago
Risk Assessment

The "pixrem" v1.0.3 plugin exhibits a mixed security posture. On the positive side, it escapes output well, with 93% of outputs properly escaped, and it has no history of known vulnerabilities (CVEs). The plugin also includes a reasonable number of nonce and capability checks (11 and 10 respectively). However, its attack surface is a significant concern: of the 10 AJAX handlers identified, 7 lack authentication checks, which creates a notable entry point for unauthorized actions. The presence of the `unserialize` function is also a critical red flag, as it can lead to remote code execution if user-controlled data is passed to it without proper sanitization. Taint analysis found no critical or high severity unsanitized flows, but the combination of numerous unprotected AJAX endpoints and the `unserialize` call remains a tangible risk that an attacker could exploit to achieve arbitrary code execution or perform unauthorized actions on the WordPress site.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous unserialize function present
Vulnerabilities
None known

PixRem – Unused Image Cleaner Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

PixRem – Unused Image Cleaner Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 4 raw, 2 prepared
  • Unescaped Output: 3 unescaped, 40 escaped
  • Nonce Checks: 11
  • Capability Checks: 10
  • File Operations: 4
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize: `$unserialized = @unserialize($value);` (includes\scan-functions.php:11)

SQL Query Safety

33% prepared · 6 total queries

Output Escaping

93% escaped · 43 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
pixrem_ajax_scan_batch (includes\scan-functions.php:176)
Attack Surface
7 unprotected

PixRem – Unused Image Cleaner Attack Surface

Entry Points: 10
Unprotected: 7

AJAX Handlers (10)

  • [auth] wp_ajax_pixrem_restore_backup (includes\backup-handler.php:144)
  • [auth] wp_ajax_pixrem_delete_image (includes\delete-limit.php:46)
  • [auth] wp_ajax_pixrem_delete_all_images (includes\delete-limit.php:86)
  • [auth] wp_ajax_pixrem_restore_image (includes\restore-handler.php:10)
  • [auth] wp_ajax_pixrem_scan_batch (pixrem.php:85)
  • [auth] wp_ajax_pixrem_get_unused (pixrem.php:86)
  • [auth] wp_ajax_pixrem_delete_image (pixrem.php:87)
  • [auth] wp_ajax_pixrem_restore_backup (pixrem.php:88)
  • [auth] wp_ajax_pixrem_delete_all_images (pixrem.php:89)
  • [auth] wp_ajax_pixrem_set_used_ids (pixrem.php:132)

WordPress Hooks (10)

  • [action] admin_enqueue_scripts (admin\admin-assets.php:42)
  • [action] admin_menu (admin\admin-page.php:26)
  • [action] admin_enqueue_scripts (admin\admin-page.php:28)
  • [action] pixrem_before_delete (includes\backup-handler.php:228)
  • [action] admin_menu (includes\logs-manager.php:188)
  • [action] admin_init (includes\whitelist-manager.php:28)
  • [action] admin_menu (includes\whitelist-manager.php:43)
  • [action] delete_attachment (pixrem.php:54)
  • [action] admin_enqueue_scripts (pixrem.php:59)
  • [action] plugins_loaded (pixrem.php:197)
Maintenance & Trust

PixRem – Unused Image Cleaner Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 22, 2025
PHP min version: 7.2
Downloads: 328

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

PixRem – Unused Image Cleaner Developer Profile

OM Media

1 plugin · 20 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PixRem – Unused Image Cleaner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pixrem/admin/js/progress.js
/wp-content/plugins/pixrem/assets/css/style.css
Script Paths
/wp-content/plugins/pixrem/admin/js/progress.js

HTML / DOM Fingerprints

Data Attributes
pixremAjax
JS Globals
pixremAjax